# -*- coding: utf-8 -*-
# Copyright 2025 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
from __future__ import annotations

from typing import MutableMapping, MutableSequence

from google.protobuf import timestamp_pb2  # type: ignore
import proto  # type: ignore

__protobuf__ = proto.module(
    package="google.cloud.securitycenter.v2",
    manifest={
        "Vulnerability",
        "Cve",
        "Reference",
        "Cvssv3",
        "Package",
        "SecurityBulletin",
        "Cwe",
    },
)


class Vulnerability(proto.Message):
    r"""Refers to common vulnerability fields e.g. cve, cvss, cwe
    etc.

    Attributes:
        cve (google.cloud.securitycenter_v2.types.Cve):
            CVE stands for Common Vulnerabilities and
            Exposures (https://cve.mitre.org/about/)
        offending_package (google.cloud.securitycenter_v2.types.Package):
            The offending package is relevant to the
            finding.
        fixed_package (google.cloud.securitycenter_v2.types.Package):
            The fixed package is relevant to the finding.
        security_bulletin (google.cloud.securitycenter_v2.types.SecurityBulletin):
            The security bulletin is relevant to this
            finding.
        provider_risk_score (int):
            Provider provided risk_score based on multiple factors. The
            higher the risk score, the more risky the vulnerability is.
        reachable (bool):
            Represents whether the vulnerability is
            reachable (detected via static analysis)
        cwes (MutableSequence[google.cloud.securitycenter_v2.types.Cwe]):
            Represents one or more Common Weakness
            Enumeration (CWE) information on this
            vulnerability.
    """

    cve: "Cve" = proto.Field(
        proto.MESSAGE,
        number=1,
        message="Cve",
    )
    offending_package: "Package" = proto.Field(
        proto.MESSAGE,
        number=2,
        message="Package",
    )
    fixed_package: "Package" = proto.Field(
        proto.MESSAGE,
        number=3,
        message="Package",
    )
    security_bulletin: "SecurityBulletin" = proto.Field(
        proto.MESSAGE,
        number=4,
        message="SecurityBulletin",
    )
    provider_risk_score: int = proto.Field(
        proto.INT64,
        number=5,
    )
    reachable: bool = proto.Field(
        proto.BOOL,
        number=6,
    )
    cwes: MutableSequence["Cwe"] = proto.RepeatedField(
        proto.MESSAGE,
        number=7,
        message="Cwe",
    )


class Cve(proto.Message):
    r"""CVE stands for Common Vulnerabilities and Exposures. Information
    from the `CVE
    record <https://www.cve.org/ResourcesSupport/Glossary>`__ that
    describes this vulnerability.

    Attributes:
        id (str):
            The unique identifier for the vulnerability.
            e.g. CVE-2021-34527
        references (MutableSequence[google.cloud.securitycenter_v2.types.Reference]):
            Additional information about the CVE.
            e.g.
            https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34527
        cvssv3 (google.cloud.securitycenter_v2.types.Cvssv3):
            Describe Common Vulnerability Scoring System
            specified at
            https://www.first.org/cvss/v3.1/specification-document
        upstream_fix_available (bool):
            Whether upstream fix is available for the
            CVE.
        impact (google.cloud.securitycenter_v2.types.Cve.RiskRating):
            The potential impact of the vulnerability if
            it was to be exploited.
        exploitation_activity (google.cloud.securitycenter_v2.types.Cve.ExploitationActivity):
            The exploitation activity of the
            vulnerability in the wild.
        observed_in_the_wild (bool):
            Whether or not the vulnerability has been
            observed in the wild.
        zero_day (bool):
            Whether or not the vulnerability was zero day
            when the finding was published.
        exploit_release_date (google.protobuf.timestamp_pb2.Timestamp):
            Date the first publicly available exploit or
            PoC was released.
        first_exploitation_date (google.protobuf.timestamp_pb2.Timestamp):
            Date of the earliest known exploitation.
    """

    class RiskRating(proto.Enum):
        r"""The possible values of impact of the vulnerability if it was
        to be exploited.

        Values:
            RISK_RATING_UNSPECIFIED (0):
                Invalid or empty value.
            LOW (1):
                Exploitation would have little to no security
                impact.
            MEDIUM (2):
                Exploitation would enable attackers to
                perform activities, or could allow attackers to
                have a direct impact, but would require
                additional steps.
            HIGH (3):
                Exploitation would enable attackers to have a
                notable direct impact without needing to
                overcome any major mitigating factors.
            CRITICAL (4):
                Exploitation would fundamentally undermine
                the security of affected systems, enable actors
                to perform significant attacks with minimal
                effort, with little to no mitigating factors to
                overcome.
        """
        RISK_RATING_UNSPECIFIED = 0
        LOW = 1
        MEDIUM = 2
        HIGH = 3
        CRITICAL = 4

    class ExploitationActivity(proto.Enum):
        r"""The possible values of exploitation activity of the
        vulnerability in the wild.

        Values:
            EXPLOITATION_ACTIVITY_UNSPECIFIED (0):
                Invalid or empty value.
            WIDE (1):
                Exploitation has been reported or confirmed
                to widely occur.
            CONFIRMED (2):
                Limited reported or confirmed exploitation
                activities.
            AVAILABLE (3):
                Exploit is publicly available.
            ANTICIPATED (4):
                No known exploitation activity, but has a
                high potential for exploitation.
            NO_KNOWN (5):
                No known exploitation activity.
        """
        EXPLOITATION_ACTIVITY_UNSPECIFIED = 0
        WIDE = 1
        CONFIRMED = 2
        AVAILABLE = 3
        ANTICIPATED = 4
        NO_KNOWN = 5

    id: str = proto.Field(
        proto.STRING,
        number=1,
    )
    references: MutableSequence["Reference"] = proto.RepeatedField(
        proto.MESSAGE,
        number=2,
        message="Reference",
    )
    cvssv3: "Cvssv3" = proto.Field(
        proto.MESSAGE,
        number=3,
        message="Cvssv3",
    )
    upstream_fix_available: bool = proto.Field(
        proto.BOOL,
        number=4,
    )
    impact: RiskRating = proto.Field(
        proto.ENUM,
        number=5,
        enum=RiskRating,
    )
    exploitation_activity: ExploitationActivity = proto.Field(
        proto.ENUM,
        number=6,
        enum=ExploitationActivity,
    )
    observed_in_the_wild: bool = proto.Field(
        proto.BOOL,
        number=7,
    )
    zero_day: bool = proto.Field(
        proto.BOOL,
        number=8,
    )
    exploit_release_date: timestamp_pb2.Timestamp = proto.Field(
        proto.MESSAGE,
        number=9,
        message=timestamp_pb2.Timestamp,
    )
    first_exploitation_date: timestamp_pb2.Timestamp = proto.Field(
        proto.MESSAGE,
        number=10,
        message=timestamp_pb2.Timestamp,
    )


class Reference(proto.Message):
    r"""Additional Links

    Attributes:
        source (str):
            Source of the reference e.g. NVD
        uri (str):
            Uri for the mentioned source e.g.
            https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34527.
    """

    source: str = proto.Field(
        proto.STRING,
        number=1,
    )
    uri: str = proto.Field(
        proto.STRING,
        number=2,
    )


class Cvssv3(proto.Message):
    r"""Common Vulnerability Scoring System version 3.

    Attributes:
        base_score (float):
            The base score is a function of the base
            metric scores.
        attack_vector (google.cloud.securitycenter_v2.types.Cvssv3.AttackVector):
            Base Metrics
            Represents the intrinsic characteristics of a
            vulnerability that are constant over time and
            across user environments. This metric reflects
            the context by which vulnerability exploitation
            is possible.
        attack_complexity (google.cloud.securitycenter_v2.types.Cvssv3.AttackComplexity):
            This metric describes the conditions beyond
            the attacker's control that must exist in order
            to exploit the vulnerability.
        privileges_required (google.cloud.securitycenter_v2.types.Cvssv3.PrivilegesRequired):
            This metric describes the level of privileges
            an attacker must possess before successfully
            exploiting the vulnerability.
        user_interaction (google.cloud.securitycenter_v2.types.Cvssv3.UserInteraction):
            This metric captures the requirement for a
            human user, other than the attacker, to
            participate in the successful compromise of the
            vulnerable component.
        scope (google.cloud.securitycenter_v2.types.Cvssv3.Scope):
            The Scope metric captures whether a
            vulnerability in one vulnerable component
            impacts resources in components beyond its
            security scope.
        confidentiality_impact (google.cloud.securitycenter_v2.types.Cvssv3.Impact):
            This metric measures the impact to the
            confidentiality of the information resources
            managed by a software component due to a
            successfully exploited vulnerability.
        integrity_impact (google.cloud.securitycenter_v2.types.Cvssv3.Impact):
            This metric measures the impact to integrity
            of a successfully exploited vulnerability.
        availability_impact (google.cloud.securitycenter_v2.types.Cvssv3.Impact):
            This metric measures the impact to the
            availability of the impacted component resulting
            from a successfully exploited vulnerability.
    """

    class AttackVector(proto.Enum):
        r"""This metric reflects the context by which vulnerability
        exploitation is possible.

        Values:
            ATTACK_VECTOR_UNSPECIFIED (0):
                Invalid value.
            ATTACK_VECTOR_NETWORK (1):
                The vulnerable component is bound to the
                network stack and the set of possible attackers
                extends beyond the other options listed below,
                up to and including the entire Internet.
            ATTACK_VECTOR_ADJACENT (2):
                The vulnerable component is bound to the
                network stack, but the attack is limited at the
                protocol level to a logically adjacent topology.
            ATTACK_VECTOR_LOCAL (3):
                The vulnerable component is not bound to the
                network stack and the attacker's path is via
                read/write/execute capabilities.
            ATTACK_VECTOR_PHYSICAL (4):
                The attack requires the attacker to
                physically touch or manipulate the vulnerable
                component.
        """
        ATTACK_VECTOR_UNSPECIFIED = 0
        ATTACK_VECTOR_NETWORK = 1
        ATTACK_VECTOR_ADJACENT = 2
        ATTACK_VECTOR_LOCAL = 3
        ATTACK_VECTOR_PHYSICAL = 4

    class AttackComplexity(proto.Enum):
        r"""This metric describes the conditions beyond the attacker's
        control that must exist in order to exploit the vulnerability.

        Values:
            ATTACK_COMPLEXITY_UNSPECIFIED (0):
                Invalid value.
            ATTACK_COMPLEXITY_LOW (1):
                Specialized access conditions or extenuating
                circumstances do not exist. An attacker can
                expect repeatable success when attacking the
                vulnerable component.
            ATTACK_COMPLEXITY_HIGH (2):
                A successful attack depends on conditions
                beyond the attacker's control. That is, a
                successful attack cannot be accomplished at
                will, but requires the attacker to invest in
                some measurable amount of effort in preparation
                or execution against the vulnerable component
                before a successful attack can be expected.
        """
        ATTACK_COMPLEXITY_UNSPECIFIED = 0
        ATTACK_COMPLEXITY_LOW = 1
        ATTACK_COMPLEXITY_HIGH = 2

    class PrivilegesRequired(proto.Enum):
        r"""This metric describes the level of privileges an attacker
        must possess before successfully exploiting the vulnerability.

        Values:
            PRIVILEGES_REQUIRED_UNSPECIFIED (0):
                Invalid value.
            PRIVILEGES_REQUIRED_NONE (1):
                The attacker is unauthorized prior to attack,
                and therefore does not require any access to
                settings or files of the vulnerable system to
                carry out an attack.
            PRIVILEGES_REQUIRED_LOW (2):
                The attacker requires privileges that provide
                basic user capabilities that could normally
                affect only settings and files owned by a user.
                Alternatively, an attacker with Low privileges
                has the ability to access only non-sensitive
                resources.
            PRIVILEGES_REQUIRED_HIGH (3):
                The attacker requires privileges that provide
                significant (e.g., administrative) control over
                the vulnerable component allowing access to
                component-wide settings and files.
        """
        PRIVILEGES_REQUIRED_UNSPECIFIED = 0
        PRIVILEGES_REQUIRED_NONE = 1
        PRIVILEGES_REQUIRED_LOW = 2
        PRIVILEGES_REQUIRED_HIGH = 3

    class UserInteraction(proto.Enum):
        r"""This metric captures the requirement for a human user, other
        than the attacker, to participate in the successful compromise
        of the vulnerable component.

        Values:
            USER_INTERACTION_UNSPECIFIED (0):
                Invalid value.
            USER_INTERACTION_NONE (1):
                The vulnerable system can be exploited
                without interaction from any user.
            USER_INTERACTION_REQUIRED (2):
                Successful exploitation of this vulnerability
                requires a user to take some action before the
                vulnerability can be exploited.
        """
        USER_INTERACTION_UNSPECIFIED = 0
        USER_INTERACTION_NONE = 1
        USER_INTERACTION_REQUIRED = 2

    class Scope(proto.Enum):
        r"""The Scope metric captures whether a vulnerability in one
        vulnerable component impacts resources in components beyond its
        security scope.

        Values:
            SCOPE_UNSPECIFIED (0):
                Invalid value.
            SCOPE_UNCHANGED (1):
                An exploited vulnerability can only affect
                resources managed by the same security
                authority.
            SCOPE_CHANGED (2):
                An exploited vulnerability can affect
                resources beyond the security scope managed by
                the security authority of the vulnerable
                component.
        """
        SCOPE_UNSPECIFIED = 0
        SCOPE_UNCHANGED = 1
        SCOPE_CHANGED = 2

    class Impact(proto.Enum):
        r"""The Impact metrics capture the effects of a successfully
        exploited vulnerability on the component that suffers the worst
        outcome that is most directly and predictably associated with
        the attack.

        Values:
            IMPACT_UNSPECIFIED (0):
                Invalid value.
            IMPACT_HIGH (1):
                High impact.
            IMPACT_LOW (2):
                Low impact.
            IMPACT_NONE (3):
                No impact.
        """
        IMPACT_UNSPECIFIED = 0
        IMPACT_HIGH = 1
        IMPACT_LOW = 2
        IMPACT_NONE = 3

    base_score: float = proto.Field(
        proto.DOUBLE,
        number=1,
    )
    attack_vector: AttackVector = proto.Field(
        proto.ENUM,
        number=2,
        enum=AttackVector,
    )
    attack_complexity: AttackComplexity = proto.Field(
        proto.ENUM,
        number=3,
        enum=AttackComplexity,
    )
    privileges_required: PrivilegesRequired = proto.Field(
        proto.ENUM,
        number=4,
        enum=PrivilegesRequired,
    )
    user_interaction: UserInteraction = proto.Field(
        proto.ENUM,
        number=5,
        enum=UserInteraction,
    )
    scope: Scope = proto.Field(
        proto.ENUM,
        number=6,
        enum=Scope,
    )
    confidentiality_impact: Impact = proto.Field(
        proto.ENUM,
        number=7,
        enum=Impact,
    )
    integrity_impact: Impact = proto.Field(
        proto.ENUM,
        number=8,
        enum=Impact,
    )
    availability_impact: Impact = proto.Field(
        proto.ENUM,
        number=9,
        enum=Impact,
    )


class Package(proto.Message):
    r"""Package is a generic definition of a package.

    Attributes:
        package_name (str):
            The name of the package where the
            vulnerability was detected.
        cpe_uri (str):
            The CPE URI where the vulnerability was
            detected.
        package_type (str):
            Type of package, for example, os, maven, or
            go.
        package_version (str):
            The version of the package.
    """

    package_name: str = proto.Field(
        proto.STRING,
        number=1,
    )
    cpe_uri: str = proto.Field(
        proto.STRING,
        number=2,
    )
    package_type: str = proto.Field(
        proto.STRING,
        number=3,
    )
    package_version: str = proto.Field(
        proto.STRING,
        number=4,
    )


class SecurityBulletin(proto.Message):
    r"""SecurityBulletin are notifications of vulnerabilities of
    Google products.

    Attributes:
        bulletin_id (str):
            ID of the bulletin corresponding to the
            vulnerability.
        submission_time (google.protobuf.timestamp_pb2.Timestamp):
            Submission time of this Security Bulletin.
        suggested_upgrade_version (str):
            This represents a version that the cluster
            receiving this notification should be upgraded
            to, based on its current version. For example,
            1.15.0
    """

    bulletin_id: str = proto.Field(
        proto.STRING,
        number=1,
    )
    submission_time: timestamp_pb2.Timestamp = proto.Field(
        proto.MESSAGE,
        number=2,
        message=timestamp_pb2.Timestamp,
    )
    suggested_upgrade_version: str = proto.Field(
        proto.STRING,
        number=3,
    )


class Cwe(proto.Message):
    r"""CWE stands for Common Weakness Enumeration. Information about this
    weakness, as described by `CWE <https://cwe.mitre.org/>`__.

    Attributes:
        id (str):
            The CWE identifier, e.g. CWE-94
        references (MutableSequence[google.cloud.securitycenter_v2.types.Reference]):
            Any reference to the details on the CWE, for
            example,
            https://cwe.mitre.org/data/definitions/94.html
    """

    id: str = proto.Field(
        proto.STRING,
        number=1,
    )
    references: MutableSequence["Reference"] = proto.RepeatedField(
        proto.MESSAGE,
        number=2,
        message="Reference",
    )


__all__ = tuple(sorted(__protobuf__.manifest))
